C Oracle ADF Permission Grants

This appendix lists the security-aware components of Oracle Application Development Framework (Oracle ADF) and the actions that their Permission implementation classes define.

Table C-1 shows the ADF components and their permission grants that you can define to create ADF security policies. You add grants to the policy store using the overview editor for ADF security policies. A permission grant specifies the fully qualified permission class name, the fully qualified resource name, the action that can be performed against the resource, and the application role target of the grant. When you enable ADF security to enforce permission checking, the operations supported by ADF components will be inaccessible to users who do not possess sufficient access rights as defined by grants to their application role.

The view action controls who can read and execute a bounded task flow. Pages that the user accesses within the process of executing a bounded task flow will not be individually security checked and will run under the permission of the task flow.

In this release, this is the only task flow action supported by Fusion web applications without Oracle WebCenter Portal: Framework.

Customize

Reserved for future use. This action is not checked at runtime.

Grant

Reserved for future use. This action is not checked at runtime.

Personalize

Reserved for future use. This action is not checked at runtime.

ADF page definition

View

The view action controls who can view the page. Page-level security is checked for pages that have an associated page definition binding file only if the page is accessed in the process of an unbounded task flow. There is a one-to-one relationship between the page definition file and the web page it secures.

In this release, this is the only page definition action supported by Fusion web applications without Oracle WebCenter Portal: Framework.

Customize

The customize action controls who can make implicit changes (such as minimize/restore, delete, or move) to a WebCenter Portal customizable component (in a Panel Customizable or Show Detail Frame) contained in a page of a custom application (one enabled to use Oracle WebCenter Portal's Composer) or a WebCenter Portal: Framework application.

Edit

The edit action controls who can invoke Oracle WebCenter Portal's Composer and who can make changes to the page using Oracle WebCenter Portal's Composer. Additionally, this action combines personalize and customize actions. This means that the edit action also controls who can make implicit changes to a WebCenter Portal customizable component (in a Panel Customizable or Show Detail Frame) contained in a page with the edit permission grant.

Grant

The grant action confers the rights specified by all WebCenter-specific actions combined; it is equivalent to granting all other actions. It also controls who can make grants to other users and who can change security settings on the page using Oracle WebCenter Portal's Composer.

Personalize

The personalize action controls who can make implicit changes (such as minimize/restore, delete, or move) to a WebCenter Portal customizable component (in a Panel Customizable or Show Detail Frame) contained in a page of a custom application (one enabled to use Oracle WebCenter Portal's Composer) or a WebCenter Portal: Framework application.

ADF Business Components entity objects

read

The read action controls who can view a row of the bound collection.

update

The update action controls who can update any attribute of the bound collection.

removeCurrentRow/delete

The delete action controls who can delete a row from the bound collection.

ADF Business Components attributes of entity objects

update

The update action controls who can update a specific attribute of the bound collection.